package com.iman.manjusri.web.common;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import com.iman.manjusri.domain.User;
import com.iman.manjusri.service.UserService;
import com.iman.manjusri.util.Web7Util;

/**
 * 登陆的controller
 */

@Controller
@RequestMapping(value = "/security/*")
public class SecurityController {

    @Autowired
    UserService userService;

    @RequestMapping(value = "/login")
    public String login(HttpServletRequest req ,Model model, @RequestParam(value = "userId") String userId, @RequestParam(value = "password") String password) {
        User user = userService.getUserByUserIdPwd(userId, password);
        if (null != user) {
            //setLogin(user.getUserId(), user.getPwd());
            Web7Util.setCurrentUser(user,req);
            model.addAttribute(user);
        } else {
            //put some error message into response to show it to user
        }
        return "index";
    }
    @RequestMapping(value = "/loginst")
    @ResponseBody
    public String loginSt(HttpServletRequest req ,Model model, @RequestParam(value = "userId") String userId, @RequestParam(value = "password") String password) {
        User user = userService.getUserByUserIdPwd(userId, password);
        if (null != user) {
            //setLogin(user.getUserId(), user.getPwd());
            Web7Util.setCurrentUser(user,req);
            model.addAttribute(user);
            return "ok";
        } else {
            //put some error message into response to show it to user
        	 return "fail";
        }
       
    }
    // 设置登录信息,userId 主键 profile
    public static final void setLogin(String userId, String password) {
        Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            // collect user principals and credentials in a gui specific manner
            // such as username/password html form, X509 certificate, OpenID,
            // etc.
            // We'll use the username/password example here since it is the most
            // common.
            // (do you know what movie this is from? ;)
            UsernamePasswordToken token = new UsernamePasswordToken(userId, password);
            // this is all you have to do to support 'remember me' (no config -
            // built in!):
            token.setRememberMe(true);
            currentUser.login(token);
        }
    };

    @RequestMapping(value = "logout")
    public String logout(HttpServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        if (subject != null) {
            // see:http://incubator.apache.org/shiro/static/current/apidocs/org/apache/shiro/subject/Subject.html#logout()
            subject.logout();
            
            Web7Util.setCurrentUser(null,request) ;
        }
        request.getSession().invalidate();
        return "index";
    }
}
